Amazon CloudFront is a network of data centers across the world that provides lower latency for content delivery to end users. Reducing latency is the primary usage of CloudFront. It serves as a proxy to the origin servers (S3, EC2) to deliver users your static or dynamic content. Naturally there are more data centers of Amazon CloudFront than the data hosting Amazon data centers (hosting everything) and access price of content via CloudFront is cheaper than AWS Origin sources (EC2, S3).

So if your content is accessed frequently and you are not too much worried about caching and expired data then exposing your content via CloudFront is a good choice.

In the diagram above the blue box shows the world wide CloudFront network. The router in the network is just a hypothetical (Software/Hardware) that determines the user’s location and based on that routes the request to the nearest location of CloudFront node. By this the latency is decreased because the nearest CloudFront location delivers the cached copy of the content to the user. For example the user located in Asia requests the content via CloudFront URL on his browser, the request is routed to the nearest location of user (probably in Asia or his country).

If the content is requested for the first time or the cache has expired then it is requested from the origin server and is then cached to host further requests from the region.

So, a lot of question arise at this time like how can I ask CloudFront to get my content? How do I make users route via CloudFront to my data? What about security of my data and how does it work? What if I update my content but the users get the old copy of it? What type of content I can make available via CloudFront?

It is not necessary that the end user requests data via CloudFront network but can retrieve directly from servers like Amazon S3, EC2 instances or your own servers. To route users through CloudFront we have to create web distributions and users have to use the CloudFront URL to access content via CloudFront network. Web distributions can be made from the AWS Management console or calling APIs.

You can go to the AWS Management console and create web distributions. The tasks to create web distributions are simple and are documented here. Once the distribution is created the status ensure that the status of the distribution is changed to deployed and enabled. If you have finished the steps of configuring the CloudFront distribution wait for some time like 15-20 minutes for the status to be changed to Deployed.

After creating the web distribution you will get a weird domain name of your CloudFront, if you wish you can define the domain name you own in CNAME during configuration. You have mapped the Origin of the content to the CloudFront web distribution you created. It means that the content from your Origin will be cached (according to the cache settings) if the content is accessed via the URL of the CloudFront distribution.

File Origin in S3 (located in US West data center)

CloudFront URL and S3 URL patterns

In my configurations I specified my S3 bucket as my origin. I uploaded a file to the bucket and defined the security as publicly available. Please note that the content accessed via CloudFront in this sample is publicly available. I have made it publicly available from Visual Studio by right click –> Make Publicly Readable. For private content you have to used Signed URLs to access the secure & private content.

So I have tested successfully that my content was available via CloudFront and I was able to access it in the browser.

Instead, the user accessing the content directly from S3 he can do so with CloudFront URL with increased performance.

Next we are going to have some basic code for reading the distribution settings with AWSSDK .NET API.

The above code will print the distribution ID, CloudFront Domain Name and the Origin Domain Name.

The output is shown below from the code.

System.Xml.XmlException : {“The ‘BR’ start tag on line 6 position 30 does not match the end tag of ‘FONT’. Line 7, position 3.”}

I was having a little trouble with proxy settings so I configured the proxy settings with the below code. You can put your domain, user and password to fix the exception if you are getting it due to proxy issues.